STIMSMITH

CPU

Concept

The provided evidence does not support a general technical definition of a CPU (Central Processing Unit) or general CPU architecture (pipelines, caches, instruction sets, performance characteristics, etc.). The supported material is restricted to research and industry literature that targets CPU implementations through verification and randomized testing (SiliFuzz, Instiller, PROFUZZ, the Joannou et al. RISC-V direct-injection paper, and Semiconductor Engineering coverage of RISC-V micro-architectural verification) and to security analysis of heterogeneous FPGA–CPU platforms (JackHammer). This article is scoped strictly to those aspects.

First seen 5/26/2026
Last seen 6/10/2026
Evidence 18 chunks
Wiki v6

WIKI

Scope of the provided evidence

The supplied evidence does not provide a general technical definition of a CPU (Central Processing Unit), nor does it describe general CPU architecture, instruction sets, or pipeline organization. The supported material is restricted to research and industry literature that targets CPU implementations through verification, randomized testing, and security analysis. This article is limited to those aspects, and broader CPU claims are not inferred from the supplied sources.

CPU defects and large-scale post-deployment testing (SiliFuzz)

RELATIONSHIPS

9 connections
The paper evaluates RISC-V CPUs through randomized testing.
Meltdown mentions → 95% 1e
Meltdown is mentioned as a well-known CPU bug motivating the need for hardware verification.
Spectre mentions → 95% 1e
Spectre is mentioned as a well-known CPU bug motivating the need for hardware verification.
INSTILLER ← evaluates 97% 1e
Instiller conducts experiments against real-world target CPU cores for bug detection evaluation.
Pentium FDIV Bug mentions → 95% 1e
The Pentium FDIV bug is mentioned as one of numerous CPU bugs costing manufacturers billions.
Broadwell MCE Bug mentions → 95% 1e
The Broadwell MCE bug is mentioned as one of numerous CPU bugs costing manufacturers billions.
Ryzen Segfault Bug mentions → 95% 1e
The Ryzen segfault bug is mentioned as one of numerous CPU bugs costing manufacturers billions.
The paper focuses on verification of CPUs, directly mentioning CPUs as the target hardware.
Proceedings Article 2025-10-26 ← mentions 50% 1e
The proceedings article published on 2025-10-26 mentions the concept of CPU.

LINKED ENTITIES

10 links
INSTILLER mentioned_in_evidence Named as a prototype RTL fuzzer for CPU designs in arXiv:2401.15967 (ar5iv mirror).
RISC-V mentioned_in_evidence Discussed extensively as the open ISA whose micro-architectural verification is the focus of the Semiconductor Engineering article, and as the target ISA of the Joannou et al. randomized-testing paper.
SystemVerilog mentioned_in_evidence Referenced in the Semiconductor Engineering article as a primary ASIC verification language and as the host for assertions used in CPU formal verification.
UVM mentioned_in_evidence Referenced in the Semiconductor Engineering article as an ASIC verification methodology used for random instruction generation in CPU verification.
Axiomise mentioned_in_evidence Founder/CEO Ashish Darbari is quoted in the Semiconductor Engineering article on micro-architectural verification methods.
Arteris mentioned_in_evidence VP of product marketing Andy Nightingale is quoted in the Semiconductor Engineering article on the state of RISC-V micro-architectural verification.
Cadence Design Systems mentioned_in_evidence Group director Pete Hardee is quoted in the Semiconductor Engineering article on the difficulty of CPU verification and the role of UVM, SystemVerilog, and emulation.
Synopsys mentioned_in_evidence Director Ravindra Aneja in the EDA Group is quoted in the Semiconductor Engineering article on RISC-V control/data-path complexity and the limits of simulation-based verification; Imperas is noted as now part of Synopsys.
Bluespec mentioned_in_evidence CEO Charlie Hauck is quoted in the Semiconductor Engineering article on sub-unit-level CPU verification, UVM limitations, and verification gaps exposed by booting Linux.
FPGA mentioned_in_evidence FPGA is the platform from which JackHammer is launched against host CPU memory, and FPGA-based emulation is referenced in the Semiconductor Engineering article as a verification vehicle with timing-base differences from simulation.

CITATIONS

21 sources
[1] SiliFuzz observes that CPUs grow more complex at logical and physical levels each generation, leading to more logic bugs and electrical defects that slip past pre-production testing, and that this has become more visible as large cloud providers operate CPUs at scale. SiliFuzz: Fuzzing CPUs by proxy
[2] SiliFuzz works by fuzzing software proxies (CPU simulators or disassemblers) to build a corpus and then executing that corpus on real CPUs at scale, with the requirement to re-test every individual core repeatedly over its lifetime. SiliFuzz: Fuzzing CPUs by proxy
[3] SiliFuzz has uncovered four groups of CPU defects and reports shared patterns among other SiliFuzz findings. SiliFuzz: Fuzzing CPUs by proxy
[4] RISC-V is an open ISA in which anyone can implement a processor, and the leaders in the RISC-V market do not treat it as a cheap option because verification cannot be short-cut. RISC-V micro-architectural verification
[5] Verifying a processor is harder than ordinary ASIC verification: every operation in the ISA must be verified to provide the specified behavior in every eventuality, and in general-purpose applications this state space cannot be predicted at IP verification time. RISC-V micro-architectural verification
[6] RISC-V implementations are starting to include speculative execution with out-of-order execution arriving, which improves performance for demanding workloads but also opens up the kinds of security flaws exploited by Spectre and Meltdown. RISC-V micro-architectural verification
[7] Processor verification is performed bottom-up; sub-units such as branch prediction, parts of a pipeline, and any type of memory system (e.g., a cache) are specified via properties, and a generator builds sequences of commands until a property is broken against a golden reference model, after which the sequence is shrunk to isolate the bug. RISC-V micro-architectural verification
[8] After sub-unit verification, integration uses a mixed strategy: formal tools exercise every possible input combination against SystemVerilog assertions, major processor vendors add UVM testbenches and test software, and emulation is used to complete verification and execute test software on the processor under test. RISC-V micro-architectural verification
[9] Micro-architectural verification is performed in two ways: (1) automatically picking up architectural violations via architectural verification assertions and covers in formal, surfacing functional, safety, or security (CIA triad) issues; and (2) showering checks and covers across RTL interfaces to increase bug-hunting, proof convergence, and coverage via compositional reasoning. RISC-V micro-architectural verification
[10] For data-path verification, simulation-based methods cannot be exhaustive; constrained random provides value but may leave corner cases, and formal verification is needed to cover both control-path concurrency and data-path complexity. RISC-V micro-architectural verification
[11] UVM is useful for random instruction generation but does not, on its own, achieve true coverage of an instruction's full state space, and generating random instructions alone is an inefficient way to reach difficult corner cases. RISC-V micro-architectural verification
[12] Test generators for RISC-V are evolving beyond simple random generators, with directed-random approaches needing hundreds of thousands of instructions to cover, for example, a 32-bit add with hazards, and with streams of asynchronous events required to be interleaved with instructions. RISC-V micro-architectural verification
[13] Booting Linux still exposes CPU bugs missed by other verification flows, including asynchronous effects (timers) and timing-base differences between simulation and FPGA-based emulation. RISC-V micro-architectural verification
[14] Instiller is a prototype RTL fuzzer for CPU designs that finds 17.0% more mismatches in its targets, with an input instruction distillation technique yielding a 6.7% average increase in execution speed. Instiller: Towards Efficient and Realistic RTL Fuzzing
[15] Instiller contributes an input instruction distillation technique based on a variant of ant colony optimization, support for multiple interruptions and exceptions with priorities, hardware-based seed selection and mutation strategies, and a prototype implementation that the authors report as outperforming prior work. Instiller: Towards Efficient and Realistic RTL Fuzzing
[16] PROFUZZ is a directed graybox fuzzing paper from the ICCAD 2025 proceedings (DOI 10.1109/iccad66269.2025.11240782, publication date 2025-10-26); only bibliographic metadata is present in the supplied evidence. PROFUZZ: Directed Graybox Fuzzing via Module Selection and ...
[17] Joannou et al. published "Randomized Testing of RISC-V CPUs Using Direct Instruction Injection" in IEEE Design & Test of Computers, vol. 41, no. 1, pp. 40–49, February 2024 (DOI 10.1109/MDAT.2023.3262741); only bibliographic metadata is present in the supplied evidence. Randomized Testing of RISC-V CPUs Using Direct Instruction Injection
[18] JackHammer analyzes the Intel Arria 10 GX integrated FPGA–CPU platform and the Intel Arria 10 GX PAC expansion card (FPGA connected to the CPU via PCIe). JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms
[19] The PCIe-based Intel PAC is, at the time of writing, immune to FPGA-to-CPU cache attacks, while the integrated FPGA–CPU platform is vulnerable to Prime+Probe-style attacks on the CPU's last-level cache. JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms
[20] JackHammer is reported to be roughly twice as fast as a typical CPU-based Rowhammer on the same system and to cause about four times as many bit flips. JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms
[21] In a fault attack against WolfSSL RSA signing, JackHammer produced a faulty signature after an average of 58 signatures, 25% faster than a CPU-based Rowhammer attack, and in some scenarios produced faulty signatures more than three times more often and almost three times faster than a conventional CPU Rowhammer attack. JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms